From b6e9d7901932a8c5b26a4b8340d7cc1d7624b94c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pierre-Elliott=20B=C3=A9cue?= Date: Sun, 19 May 2013 17:49:42 +0200 Subject: [PATCH] [bcfg2/all] Nouveau serveur dhcp, et config d'isc dans bcfg2. --- Bundler/isc-dhcp-server.xml | 13 +- Cfg/etc/dhcp3/dhclient.conf/dhclient.conf | 53 ++++++++ Cfg/etc/dhcp3/dhcpd.conf/dhcpd.conf | 141 ++++++++++++++++++++ Cfg/etc/dhcp3/dhcpd.conf/info.xml | 3 + Cfg/etc/dhcp3/omapi.conf/info.xml | 3 + Cfg/etc/dhcp3/omapi.conf/omapi.conf | 7 + Cfg/etc/dhcp3/omapi_generate/info.xml | 3 + Cfg/etc/dhcp3/omapi_generate/omapi_generate | 8 ++ Metadata/clients.xml | 1 + Metadata/groups.xml | 11 ++ Rules/isc-dhcp-server.xml | 11 ++ etc/python/ip.py | 6 + 12 files changed, 259 insertions(+), 1 deletion(-) create mode 100644 Cfg/etc/dhcp3/dhclient.conf/dhclient.conf create mode 100644 Cfg/etc/dhcp3/dhcpd.conf/dhcpd.conf create mode 100644 Cfg/etc/dhcp3/dhcpd.conf/info.xml create mode 100644 Cfg/etc/dhcp3/omapi.conf/info.xml create mode 100644 Cfg/etc/dhcp3/omapi.conf/omapi.conf create mode 100644 Cfg/etc/dhcp3/omapi_generate/info.xml create mode 100644 Cfg/etc/dhcp3/omapi_generate/omapi_generate create mode 100644 Rules/isc-dhcp-server.xml diff --git a/Bundler/isc-dhcp-server.xml b/Bundler/isc-dhcp-server.xml index 0c551be..cfb0a05 100644 --- a/Bundler/isc-dhcp-server.xml +++ b/Bundler/isc-dhcp-server.xml @@ -1,4 +1,15 @@ - + + + + + + + + + + + + diff --git a/Cfg/etc/dhcp3/dhclient.conf/dhclient.conf b/Cfg/etc/dhcp3/dhclient.conf/dhclient.conf new file mode 100644 index 0000000..9665381 --- /dev/null +++ b/Cfg/etc/dhcp3/dhclient.conf/dhclient.conf 
@@ -0,0 +1,53 @@
+# Configuration file for /sbin/dhclient, which is included in Debian's
+# dhcp3-client package.
+#
+# This is a sample configuration file for dhclient. See dhclient.conf's
+# man page for more information about the syntax of this file
+# and a more comprehensive list of the parameters understood by
+# dhclient.
+#
+# Normally, if the DHCP server provides reasonable information and does
+# not leave anything out (like the domain name, for example), then
+# few changes must be made to this file, if any.
+#
+
+option rfc3442-classless-static-routes code 121 = array of unsigned integer 8;
+
+#send host-name "andare.fugue.com";
+#send dhcp-client-identifier 1:0:a0:24:ab:fb:9c;
+#send dhcp-lease-time 3600;
+#supersede domain-name "fugue.com home.vix.com";
+#prepend domain-name-servers 127.0.0.1;
+request subnet-mask, broadcast-address, time-offset, routers,
+ domain-name, domain-name-servers, domain-search, host-name,
+ netbios-name-servers, netbios-scope, interface-mtu,
+ rfc3442-classless-static-routes, ntp-servers;
+#require subnet-mask, domain-name-servers;
+#timeout 60;
+#retry 60;
+#reboot 10;
+#select-timeout 5;
+#initial-interval 2;
+#script "/etc/dhcp3/dhclient-script";
+#media "-link0 -link1 -link2", "link0 link1";
+#reject 192.33.137.209;
+
+#alias {
+# interface "eth0";
+# fixed-address 192.5.5.213;
+# option subnet-mask 255.255.255.255;
+#}
+
+#lease {
+# interface "eth0";
+# fixed-address 192.33.137.200;
+# medium "link0 link1";
+# option host-name "andare.swiftmedia.com";
+# option subnet-mask 255.255.255.0;
+# option broadcast-address 192.33.137.255;
+# option routers 192.33.137.250;
+# option domain-name-servers 127.0.0.1;
+# renew 2 2000/1/12 00:00:01;
+# rebind 2 2000/1/12 00:00:01;
+# expire 2 2000/1/12 00:00:01;
+#}
diff --git a/Cfg/etc/dhcp3/dhcpd.conf/dhcpd.conf b/Cfg/etc/dhcp3/dhcpd.conf/dhcpd.conf
new file mode 100644
index 0000000..3f79d5a
--- /dev/null
+++ b/Cfg/etc/dhcp3/dhcpd.conf/dhcpd.conf
@@ -0,0 +1,141 @@
+#
+# Sample configuration file for ISC dhcpd for Debian
+#
+# $Id: dhcpd.conf,v 1.1.1.1 2002/05/21 00:07:44 peloy Exp $
+#
+
+# The ddns-updates-style parameter controls whether or not the server will
+# attempt to do a DNS update when a lease is confirmed. We default to the
+# behavior of the version 2 packages ('none', since DHCP v2 didn't
+# have support for DDNS.)
+ddns-update-style none;
+
+
+include "/etc/dhcp3/omapi.conf";
+
+
+# option definitions common to all supported networks...
+option option-252 code 252 = text ;
+option domain-search code 119 = text ;
+option option-119 code 119 = text ;
+# La pluspart de nos réseaux sont taggués, on utilise donc une mtu de 1500-4 octets
+option interface-mtu 1496;
+
+# If this DHCP server is the official DHCP server for the local
+# network, the authoritative directive should be uncommented.
+#authoritative;
+
+# Use this to send dhcp log messages to a different log file (you also
+# have to hack syslog.conf to complete the redirection).
+log-facility local7;
+
+# VLan gratuit
+subnet 10.42.0.0 netmask 255.255.0.0 {
+ interface eth3;
+ range 10.42.1.1 10.42.255.200;
+ option domain-name-servers 10.42.0.10;
+ option routers 10.42.0.10;
+ authoritative;
+ default-lease-time 86400;
+ deny unknown-clients;
+ option root-path "/";
+ next-server 138.231.136.98;
+ filename "pxelinux.0";
+}
+
+# VLan accueil
+subnet 10.51.0.0 netmask 255.255.0.0 {
+ interface eth4;
+ range 10.51.1.1 10.51.255.200;
+ default-lease-time 600;
+ max-lease-time 7200;
+ # On met sable en router pour pouvoir accéder à l'intranet et au wiki
+ option routers 10.51.0.10;
+ # On n'a besoin que du dns ici (pour le portail captif)
+ option domain-name-servers 10.51.0.10;
+ authoritative;
+ option root-path "/";
+ next-server 138.231.136.98;
+ filename "pxelinux.0";
+ option time-servers 10.51.0.10;
+ option ntp-servers 10.51.0.10;
+}
+
+# VLan isolement
+subnet 10.52.0.0 netmask 255.255.0.0 {
+ interface eth5;
+ range 10.52.1.1 10.52.255.200;
+ default-lease-time 600;
+ max-lease-time 7200;
+ option domain-name-servers 10.52.0.10;
+ option routers 10.52.0.10;
+ authoritative;
+ option root-path "/";
+ next-server 138.231.136.98;
+ filename "pxelinux.0";
+}
+
+
+# Vlan des adhérents
+subnet 138.231.136.0 netmask 255.255.248.0 {
+ interface eth0;
+ default-lease-time 86400;
+ option subnet-mask 255.255.248.0;
+ option broadcast-address 138.231.143.255;
+ authoritative;
+ option routers 138.231.136.4;
+ option domain-name-servers 138.231.136.98, 138.231.136.152, 138.231.136.247;
+ option domain-name "crans.org";
+ option domain-search "crans.org";
+ option root-path "/";
+ next-server 138.231.136.98;
+ filename "pxelinux.0";
+ option time-servers 138.231.136.9;
+ option ntp-servers 138.231.136.9;
+ option smtp-server 138.231.136.39;
+ option ip-forwarding off;
+ deny unknown-clients;
+
+ include "/etc/dhcp3/generated/adherents.liste";
+}
+
+
+# Vlan des wifi
+subnet 138.231.144.0 netmask 255.255.248.0 {
+ interface eth2;
+ default-lease-time 86400;
+ option subnet-mask 255.255.248.0;
+ option broadcast-address 138.231.148.255;
+ authoritative;
+ option routers 138.231.148.4;
+ option domain-name-servers 138.231.136.98, 138.231.136.152, 138.231.136.247;
+ option domain-name "crans.org";
+ option option-119 "crans.org";
+ option domain-search "crans.org";
+ option time-servers 138.231.136.9;
+ option ntp-servers 138.231.136.9;
+ option smtp-server 138.231.136.3;
+ option ip-forwarding off;
+ deny unknown-clients;
+
+ include "/etc/dhcp3/generated/wifi.liste";
+}
+
+#Vlan appartement
+subnet 10.2.9.0 netmask 255.255.255.0 {
+ interface eth6;
+ default-lease-time 86400;
+ option subnet-mask 255.255.255.0;
+ option broadcast-address 10.2.9.255;
+ authoritative;
+ option routers 10.2.9.4;
+ option domain-name-servers 10.2.9.10, 138.231.136.98, 138.231.136.152, 138.231.136.247;
+ option ip-forwarding off;
+ option root-path "/";
+ next-server 138.231.136.98;
+ filename "pxelinux.0";
+ deny unknown-clients;
+
+ include "/etc/dhcp3/generated/appartements.liste";
+}
+
diff --git a/Cfg/etc/dhcp3/dhcpd.conf/info.xml b/Cfg/etc/dhcp3/dhcpd.conf/info.xml
new file mode 100644
index 0000000..e2b4e77
--- /dev/null
+++ b/Cfg/etc/dhcp3/dhcpd.conf/info.xml
@@ -0,0 +1,3 @@
+
+
+
diff --git a/Cfg/etc/dhcp3/omapi.conf/info.xml b/Cfg/etc/dhcp3/omapi.conf/info.xml
new file mode 100644
index 0000000..df5c536
--- /dev/null
+++ b/Cfg/etc/dhcp3/omapi.conf/info.xml
@@ -0,0 +1,3 @@
+
+
+
diff --git a/Cfg/etc/dhcp3/omapi.conf/omapi.conf b/Cfg/etc/dhcp3/omapi.conf/omapi.conf
new file mode 100644
index 0000000..f96cb4e
--- /dev/null
+++ b/Cfg/etc/dhcp3/omapi.conf/omapi.conf
@@ -0,0 +1,7 @@
+omapi-port 9991;
+key omapi_key {
+ algorithm HMAC-MD5;
+ secret "";
+};
+
+omapi-key omapi_key;
diff --git a/Cfg/etc/dhcp3/omapi_generate/info.xml b/Cfg/etc/dhcp3/omapi_generate/info.xml
new file mode 100644
index 0000000..334b6c3
--- /dev/null
+++ b/Cfg/etc/dhcp3/omapi_generate/info.xml
@@ -0,0 +1,3 @@
+
+
+
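Review bot: In the new dhcpd.conf, the wifi block declares `subnet 138.231.144.0 netmask 255.255.248.0` but hands out `option broadcast-address 138.231.148.255;`, which is not the broadcast address of that /21. The range ends at 138.231.151.255, in the same way the adhérents block pairs 138.231.136.0/21 with 138.231.143.255, so the line should probably read `option broadcast-address 138.231.151.255;` unless the netmask itself is what is wrong. Separately, the accueil and isolement pools have no `deny unknown-clients;` yet advertise the same `next-server 138.231.136.98;` / `filename "pxelinux.0";` as the registered VLANs. If serving network boot to unregistered machines on those two VLANs is intended, a comment such as `# PXE volontairement proposé aux clients inconnus` above those lines would make that explicit; otherwise drop the boot options there.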
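Review bot: As shown, omapi.conf is deployed with `secret "";`, so the OMAPI key that protects lease and host changes on `omapi-port 9991` is empty (a placeholder may have been lost when the page was rendered). The omapi_generate message asks the operator to paste the generated key into omapi.conf by hand, but this file lives under Cfg/, so a hand-edited copy would presumably be overwritten with the repository version on the next bcfg2 run. The secret should be injected at deploy time from a source outside the repository rather than edited in place. The permissions in the accompanying info.xml are not visible here; the file should be readable only by root and the dhcpd user, for example `perms='0640'`. Because dhcpd.conf includes this file globally, the OMAPI port is likely reachable from every served VLAN, including accueil and isolement, and is worth restricting to the management hosts in the firewall.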
diff --git a/Cfg/etc/dhcp3/omapi_generate/omapi_generate b/Cfg/etc/dhcp3/omapi_generate/omapi_generate new file mode 100644 index 0000000..e9c7986 --- /dev/null +++ b/Cfg/etc/dhcp3/omapi_generate/omapi_generate @@ -0,0 +1,8 @@ +#!/bin/bash +PWD="/etc/dhcp3/" + +if [ ! -f /etc/dhcp3/omapi_key_generated ]; then + dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 512 -n HOST omapi_key + echo 'Clef omapi generee, pensez a executer la commande sudo cat /etc/dhcp3/Komapi_key*.private|grep "^Key"|cut -d ' ' -f2-`, et a en mettre le resultat dans omapi.conf.' + touch /etc/dhcp3/omapi_key_generated +fi diff --git a/Metadata/clients.xml b/Metadata/clients.xml index 2b1c115..a92737e 100644 --- a/Metadata/clients.xml +++ b/Metadata/clients.xml @@ -43,6 +43,7 @@ + diff --git a/Metadata/groups.xml b/Metadata/groups.xml index 3789b7b..2d350d6 100644 --- a/Metadata/groups.xml +++ b/Metadata/groups.xml @@ -368,6 +368,17 @@ + + + + + + + + + + diff --git a/Rules/isc-dhcp-server.xml b/Rules/isc-dhcp-server.xml new file mode 100644 index 0000000..eb4c012 --- /dev/null +++ b/Rules/isc-dhcp-server.xml @@ -0,0 +1,11 @@ + + + + + + + + + + + diff --git a/etc/python/ip.py b/etc/python/ip.py index 6e5e37f..22f4124 100644 --- a/etc/python/ip.py +++ b/etc/python/ip.py @@ -41,6 +41,12 @@ ip_vlan = { 'vlan-ens' : '10.2.9.34', 'vlan-isolement':'10.52.0.34' }, + 'isc' : { + 'vlan-radin' : '10.42.0.160', + 'vlan-accueil' : '10.51.0.160', + 'vlan-ens' : '10.2.9.160', + 'vlan-isolement':'10.52.0.160' + }, 'routeur' : { 'vlan-accueil' : '10.51.0.10', 'vlan-ens' : '10.2.9.10',
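Review bot: In omapi_generate, `PWD="/etc/dhcp3/"` only assigns a variable and does not change directory, so `dnssec-keygen` writes the `Komapi_key*` files into whatever directory the script was started from, while the message sends the operator to /etc/dhcp3 to read them. Replace the assignment with `cd /etc/dhcp3/ || exit 1`. The marker file is touched even when key generation fails, which prevents any later retry; chain the two as `dnssec-keygen -r /dev/urandom -a HMAC-MD5 -b 512 -n HOST omapi_key || exit 1` before the `touch`. The `echo` string is also split by the inner `' '` and carries a stray backtick after `-f2-`, so the printed command is not the one the operator should run; double-quote the message and escape the inner quotes. Since the private key file holds the OMAPI secret, a `umask 077` at the top of the script would be a cheap safeguard.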